Lib.rs

Filesystem
#path #security #fs #path-traversal

path_ratchet

Prevent path traversal attacks at type level

by zSchoen

3 releases (breaking)

0.3.0 Dec 9, 2023
0.2.0 Dec 6, 2023
0.1.0 Dec 4, 2023

#743 in Filesystem

Download history 34/week @ 2023-12-30 2/week @ 2024-01-06 5/week @ 2024-01-13 2/week @ 2024-01-20 10/week @ 2024-01-27 6/week @ 2024-02-03 7/week @ 2024-02-10 57/week @ 2024-02-17 81/week @ 2024-02-24 6/week @ 2024-03-02 3/week @ 2024-03-16 51/week @ 2024-03-30 4/week @ 2024-04-13

55 downloads per month

LGPL-3.0-only

18KB
198 lines

Path Ratchet

LGPL 3.0 License Crates.io Workflow Status crev reviews

Prevent path traversal attacks at type level.

use std::path::PathBuf;
use path_ratchet::prelude::*;

let user_input = "/etc/shadow";
let mut filename = PathBuf::from("/tmp");
filename.push_component(SingleComponentPath::new(user_input).unwrap());

lib.rs:

PathBuf::push allows any form of path traversal:

#
let user_input = "/etc/shadow";
let mut filename = PathBuf::from("/tmp");
filename.push(user_input);
assert_eq!(filename, PathBuf::from("/etc/shadow"));

Contrary <PathBuf as PushPathComponent>::push_component requires a path with only a single element.

use std::path::PathBuf;
use path_ratchet::prelude::*;

let user_input = "/etc/shadow";
let mut filename = PathBuf::from("/tmp");
filename.push_component(SingleComponentPath::new(user_input).unwrap());

Security

It is essential to check the path on the same platform it is used on. As an example the path C:\path\to\file.txt will be interpreted as a file or directory name on an UNIX-system.

SingleComponentPath::new(r"C:\path\to\file.txt").unwrap();

No runtime deps